From a019fc246412d5c4eca78b19faeda2848cde0ddb Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Thu, 10 Aug 2023 04:36:10 +0000
Subject: [PATCH] * Sysdig - remediate sock-shop:session-db
 "SecurityContext.AllowPrivilegeEscalation" for control "Container allowing
 privileged sub processes"

---
 sock-shop/session-db.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sock-shop/session-db.yaml b/sock-shop/session-db.yaml
index d03f9a9..b37cbea 100644
--- a/sock-shop/session-db.yaml
+++ b/sock-shop/session-db.yaml
@@ -37,6 +37,8 @@ spec:
             - SETGID
             - SETUID
           readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+
 ---
 apiVersion: v1 # Service - session-db
 kind: Service